diff ui/sslhelp.cpp @ 464:2e100d3e414a

Add helper functions for sha256 sum and rsa signing
author Andre Heinecke <aheinecke@intevation.de>
date Wed, 23 Apr 2014 15:33:42 +0000
parents f8b480b08532
children f9b0014cff97
line wrap: on
line diff
--- a/ui/sslhelp.cpp	Wed Apr 23 15:33:09 2014 +0000
+++ b/ui/sslhelp.cpp	Wed Apr 23 15:33:42 2014 +0000
@@ -6,6 +6,13 @@
  * See LICENSE.txt for details.
  */
 #include "sslhelp.h"
+#include <polarssl/sha256.h>
+#include <polarssl/pk.h>
+#include <polarssl/entropy.h>
+#include <polarssl/ctr_drbg.h>
+#include <QApplication>
+#include <QUuid>
+#include <QDebug>
 
 QString getPolarSSLErrorMsg(int ret)
 {
@@ -14,3 +21,57 @@
     errbuf[1020] = '\0'; /* Just to be sure */
     return QString::fromLatin1(errbuf);
 }
+
+QByteArray sha256sum(const QByteArray& data)
+{
+    unsigned char output[32];
+    sha256((unsigned char *)data.constData(), (size_t)data.size(), output, 0);
+    return QByteArray(data, 32);
+}
+
+QByteArray rsaSignSHA256Hash(const QByteArray& hash, pk_context *pk)
+{
+    int ret = 0;
+    unsigned char sig[POLARSSL_MPI_MAX_SIZE];
+    size_t sig_len;
+    entropy_context entropy;
+    ctr_drbg_context ctr_drbg;
+
+    entropy_init(&entropy);
+
+    QUuid uuid = QUuid::createUuid();
+    QString personalString = QApplication::applicationName() + uuid.toString();
+    QByteArray personalBa = personalString.toLocal8Bit();
+
+    /*
+    * Initialize random generator.
+    * Personalisation string, does not need to be random but
+    * should be unique according to documentation.
+    *
+    * the ctr_drbg structure does not need to be freed explicitly.
+    */
+    ret = ctr_drbg_init(&ctr_drbg, entropy_func, &entropy,
+                        (const unsigned char*) personalBa.constData(),
+                        personalBa.size());
+    if (ret != 0) {
+        qDebug() << "Failed to initialize drbg: " << getPolarSSLErrorMsg(ret);
+        entropy_free (&entropy);
+        return QByteArray();
+    }
+
+    ret = pk_sign(pk, POLARSSL_MD_SHA256, (const unsigned char*) hash.constData(),
+                  hash.size(), sig, &sig_len, ctr_drbg_random, &ctr_drbg);
+    entropy_free (&entropy);
+
+    if (ret != 0) {
+        qDebug() << "Failed to sign: " << getPolarSSLErrorMsg(ret);
+        return QByteArray();
+    }
+
+    if (sig_len != 3072 / 8) {
+        qDebug() << "Invalid size of signature: " << sig_len;
+        return QByteArray();
+    }
+
+    return QByteArray((const char *)sig, (int)sig_len);
+}

http://wald.intevation.org/projects/trustbridge/